SQLite

2013-12-23
15:35 Make sure the WhereLoop.aLTerm[] array is large enough when processing the skip-scan optimization. Fix for ticket [520070ec7fbaac]. (check-in: ac5852d6 user: drh tags: branch-3.8.2)
2013-12-22
20:44 Fixed ticket [520070ec]: Array overrun in the skip-scan optimization plus 5 other changes (artifact: c339a0e8 user: drh)
20:44 Make sure the WhereLoop.aLTerm[] array is large enough when processing the skip-scan optimization. Fix for ticket [520070ec7fbaac]. (check-in: 46d04059 user: drh tags: trunk)
20:28 New ticket [520070ec] Array overrun in the skip-scan optimization. (artifact: 4753c7b2 user: drh)

Ticket Hash: 520070ec7fbaac73eda0e0123596b7bb3e9a6897
Title: Array overrun in the skip-scan optimization
Status: Fixed
Type: Code_Defect
Severity: Severe
Priority: Immediate
Subsystem: Unknown
Resolution: Fixed
Last Modified: 2013-12-22 20:44:24
Version Found In: 3.8.2
User Comments:
drh added on 2013-12-22 20:28:07:

The following SQL causes an array overrun in the skip-scan logic, resulting in memory corruption:

CREATE TABLE t1(a,b,c,d,e,f,g,h,i);
CREATE INDEX t1all ON t1(a,b,c,d,e,f,g,h);
INSERT INTO t1 VALUES(1,2,3,4,5,6,7,8,9);
ANALYZE;
DELETE FROM sqlite_stat1;
INSERT INTO sqlite_stat1 
  VALUES('t1','t1all','655360 163840 40960 10240 2560 640 160 40 10');
ANALYZE sqlite_master;
SELECT i FROM t1 WHERE h=8;

This problem was introduced by check-in [b0bb975c0986fe01] which was part of the 3.8.2 release. The problem was reported to the developer via private email.
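
Added example (not part of the ticket and not SQLite project code): a triage helper that decides whether a given SQLite build falls in the window this ticket describes, using the version the ticket lists and the two fix check-in times from its history. The function names and result labels are hypothetical, and the timestamps are assumed to be UTC.

```python
import sqlite3
from datetime import datetime

# Check-in times copied from the ticket history on this page (taken as UTC).
FIX_TRUNK = datetime(2013, 12, 22, 20, 44)       # check-in 46d04059, trunk
FIX_BRANCH_382 = datetime(2013, 12, 23, 15, 35)  # check-in ac5852d6, branch-3.8.2
FIRST_AFFECTED = (3, 8, 2)                       # "Version Found In: 3.8.2"


def classify(version, source_id):
    """Triage one build from its sqlite_version() and sqlite_source_id() strings.

    Assumption: a source timestamp at or after the fix check-in means the
    build descends from that check-in. Builds labelled 3.8.2 that predate the
    introducing check-in are still reported as affected (conservative).
    """
    try:
        ver = tuple(int(p) for p in version.split(".")[:3])
        # source_id begins with the "YYYY-MM-DD HH:MM:SS" of the source check-in
        built_from = datetime.strptime(source_id[:19], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return "unknown"  # vendor-modified or truncated identification strings
    if ver < FIRST_AFFECTED:
        return "predates-bug"
    fix_time = FIX_BRANCH_382 if ver == FIRST_AFFECTED else FIX_TRUNK
    return "affected" if built_from < fix_time else "after-fix"


def linked_library():
    """Return (version, source_id) of the SQLite linked into this process."""
    con = sqlite3.connect(":memory:")
    try:
        return con.execute("SELECT sqlite_version(), sqlite_source_id()").fetchone()
    finally:
        con.close()


if __name__ == "__main__":
    ver, src = linked_library()
    print(ver, src[:19], classify(ver, src))
```

A result of "unknown" means the build's identification strings could not be parsed, so it needs manual review against the vendor's patch notes.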